Date: Sun, 2 Nov 2014 18:36:54 +0100 (CET) From: "Thor E. Lie" <thor@thorerik.com> To: freebsd-stable@freebsd.org Subject: PF NAT seeminglt drops TCP connections at random Message-ID: <637493342.277606.1414949814817.JavaMail.zimbra@thorerik.com> In-Reply-To: <935627270.271423.1414945303076.JavaMail.zimbra@thorerik.com> References: <935627270.271423.1414945303076.JavaMail.zimbra@thorerik.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I've been configuring a new server with FreeBSD 10.0-RELEASE-p10, Jails(via ezjail) and PF with NAT Translation rules. Initially when logging in to a jail the connection would randomly drop, usually when there where (relativel) large databursts(eg. tailing a log, opening vi(m) or similar that would clear the screen). When running a TCPdump and analyzing it seemed to drop right around when tcpdump recorded a "IP bad-len 0", which led me to this february 2008 post[1] on the list, which at least in terms of the nic fits the bill[2], so I proceeded to follow 2 of the suggestions that where posted there(net.inet.tcp.rfc1323=0 and net.inet.tcp.tso=0), disabling rfc1323 sysctl resolved the SSH sessions dropping. However when downloading a package, or downloading something with fetch, it drops the connection again, it seems like it sends a fin(or fin-ack? I'm not terribly comfortable with tcpdump yet)[3]. [1]: https://lists.freebsd.org/pipermail/freebsd-current/2008-February/083056.html [2]: http://pastebin.com/MQAkmW14 [3]: http://pastebin.com/wDU9xYK5 -- Thor
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?637493342.277606.1414949814817.JavaMail.zimbra>